commit 3f98b1e adds a better fatal error message. Will be released with 1.7.2.

You are welcome. If my bad English makes it difficult, here is another document.

http://web.monkeysphere.info/doc/trust-models/
You can find the explanation:

So "full" ownertrust on a key is only meaningful as long as there is a trust
path to some User ID on that key already. "ultimate" ownertrust is meaningful
anyway, because presumably you control that key.

Ok I think I get it. I appreciate you taking the time to explain it.
Thanks.

Ok I think I get it now. Thank you for explaining it to me. I appreciate it

Adding "ultimate" trust means: you are specifying it's your own key. GnuPG
doesn't check if your own key is signed by another your own key (or you really
have corresponding private key).

Let me explain the validity of public keys.

• Start with a set of key(s) with "ultimate" trust. Ultimate keys are all valid,

put them to a set of valid keys.

• Pick a key from valid keys. Collect all keys signed by this key (locally or

globally), it's all valid. Put them to a set of valid keys.

Next, it checks "full" or "marginal" trust to a public key.

• Start with the set of public keys which are valid (by the computation so far).
• Pick a key from the set. If it has "full" trust, mark all keys which are

signed by this key as it's reachable by "full" trust.

• If it has "marginal" trust, mark all keys which are signed by this key as it's

reachable by "marginal" trust adding a point.

• Scan all marked key. If it can be reachable by "full" trust. It will be in

the set of valid keys. If it can be reachable by "marginal" trust by 3
(default) different keys, it will be also in the set of valid keys.

• Add checked keys to the set of valid keys. And apply(repeat) this procedure

recursively, to the newly added valid keys. Don't repeat too far. Stop if it
goes 5 (default) times.

In other words, adding trust (by --edit-key) to a valid key makes it possible
for another key to be validated by that key. Adding trust (by --edit-key) to an
invalid key doesn't make that invalid key valid. (If it's "full" or "marginal".)

But why does marking it as ultimately trusted ignore that it was never signed?

I forgot to apply Daiki's patch. Done now with commit 82b90ee.

I won't work on the other mentioned change now and this commit is actually about
a regression. Thus bumping to testing.

If you want to use a different home directory and a /run/user based socket, you
need to create a directory for that socket first. We don't do this on-the-fly
to avoid cluttering the /run/user with directories.

With GNUPGHOME set, you only need to run

gpgconf --create-socketdir

man gpgconf

Patch applied with commit c52829e for 2.4.3.
Thanks.

Had you a chance to run the suggested test?

Thanks. Changed with commit 678f606 for 2.4.3

We won't fix that bug but remove the entire file as indicated by the #warning.

It has been fixed with commit 4a983e3.

To make it clear: I'm not even trying to sign or encrypt, just send a plaintext
message with attachment also in the clear.

In T2403 (gniibe on Jul 13 2016, 10:53 AM / Roundup), I said wrongly. It's tests/Makefile.in.
Here is tests/Makefile.am modified.

Attached is modified Makefile.in, so that 'make check' can run t-fork test program.

Yes - I install the patched Npth library into the System. Can you please give
me the expected tests/Makefile.in and tests/Makefile.am.

There are two different concepts: trust and validity.

It makes nothing when you edit a key to mark "full" trust which has unknown
validity. (A key's validity should be valid.)

Marking trust (full or marginal) to a valid key makes validation of other keys
will be possible by that key.

In the beginning, you can make a key valid by signing (sign or lsign) by your
ultimately trusted key.

This issue still stands with 2.1.13. It may be a bug or it may be a
documentation issue but I really do need this to be investigated and resolved,
please.

If this is unsupported by GnuPG 2.1 and unlikely to change, at least the
documentation should be updated.

Please manually edit tests/Makefile.in and tests/Makefile.am, so that you can
compile and run t-fork test program.
Have you install the patched Npth library into the system, so that you can use
patched Npth library with GnuPG?

Yes - I install teh patch and build the Npth library.

make check

Making check in src
make[1]: Entering directory '/develop/npth-1.2/src'
make[1]: Nothing to be done for 'check'.
make[1]: Leaving directory '/develop/npth-1.2/src'
Making check in tests
make[1]: Entering directory '/develop/npth-1.2/tests'
make check-TESTS
make[2]: Entering directory '/develop/npth-1.2/tests'
PASS: t-mutex

PASS: t-thread

All 2 tests passed

make[2]: Leaving directory '/develop/npth-1.2/tests'
make[1]: Leaving directory '/develop/npth-1.2/tests'
make[1]: Entering directory '/develop/npth-1.2'
make[1]: Leaving directory '/develop/npth-1.2'

Thanks a lot.

5636336: 23330877: sem_post(0xF1299434) Err#13 EACCES

This is the problem.
Did you really got success by "make check" of Npth library?
Have you installed the patched Npth library?
Please confirm.

5636336: 23330877: sigprocmask(2, 0xF02E6968, 0x2FF1E3E0) = 0
5636336: 23330877: _sigaction(31, 0x2FF1E438, 0x00000000) = 0
5636336: 23330877: thread_setmymask_fast(0x00000000, 0x00000000,
0x00000000, 0x1164003D, 0x0001F0B0, 0x00000000, 0xE0283800, 0x00000000) =
0x00000000
5636336: 23330877: sigprocmask(2, 0xF02E6968, 0x2FF1E3E0) = 0
5636336: 23330877: _sigaction(2, 0x2FF1E438, 0x00000000) = 0
5636336: 23330877: thread_setmymask_fast(0x00000000, 0x00000000,
0x00000000, 0x1164003D, 0x0001F0B0, 0x00000000, 0xE0283800, 0x00000000) =
0x00000000
5636336: 23330877: sigprocmask(2, 0xF02E6968, 0x2FF1E3E0) = 0
5636336: 23330877: _sigaction(15, 0x2FF1E438, 0x00000000) = 0
5636336: 23330877: thread_setmymask_fast(0x00000000, 0x00000000,
0x00000000, 0x1164003D, 0x0001F0B0, 0x00000000, 0xE0283800, 0x00000000) =
0x00000000
5636336: 23330877: thread_setmymask_fast(0x60004003, 0x00000000,
0x00000000, 0x0000D032, 0x0001F0B0, 0x00000000, 0xE0283800, 0x00000000) =
0x00000000
5636336: 23330877: sem_post(0xF1299434) Err#13 EACCES
5636336: 23330877: kwrite(2, " A s s e r t i o n f a".., 18) = 18
5636336: 23330877: kwrite(2, " _ _ E X", 4) = 4
5636336: 23330877: kwrite(2, " , f i l e ", 8) = 8
5636336: 23330877: kwrite(2, " n p t h . c", 6) = 6
5636336: 23330877: kwrite(2, " , l i n e 1 4 9\n", 11) = 11
5636336: 23330877: kfcntl(1, F_GETFL, 0x1164003D) = 67108865
5636336: 23330877: kfcntl(2, F_GETFL, 0x1164003D) = 67108865
5636336: 23330877: _getpid() = 5636336
5636336: 23330877: thread_kill(-1, 6) = 0
5636336: Received signal #6, SIGABRT [default]
5636336: * process killed *
6815982: 16842893: thread_setmymask_fast(0x00000000, 0x00000000, 0x00000000,
0xD0551900, 0x00000000, 0x1101008D, 0x1101008D, 0x00000000) = 0x00000000
6815982: Received signal #20, SIGCHLD [default]
6815982: 16842893: close(3) = 0
6815982: 16842893: sigprocmask(2, 0x20003AC8, 0x00000000) = 0
6815982: 16842893: __loadx(0x04400000, 0x2FF22080, 0x00000800, 0xD05516A4,
0x00000000) = 0x00000000
6815982: 16842893: kfcntl(1, F_GETFL, 0x1101008D) = 67110922
6815982: 16842893: kfcntl(2, F_GETFL, 0x1101008D) = 67110922
6815982: 16842893: _exit(0)

Thank you for your testing. The patch is to the repository. You need manual
edit to tests/Makefile.am which add t-fork as a test program. I think that
"make check" should go successfully for Npth with the patch.

Could you please trace the gnupg-agent with children processes?
If you are using truss, -f option (follow childres), please.

That is not easy to change. By design gpg-agent generates the key and does not
return it (except for a hack to support --export-secret-key).

2,1 has the goal to replace 1.4 and thus I see the need to support creating a
key w/o string it in private-keys-v1.d/.

When I apply the patch:

patch -p1 -i npth.aix.patch

patching file configure.ac
patching file src/npth.c
patching file tests/Makefile.am
Hunk #1 FAILED at 40.
1 out of 1 hunk FAILED -- saving rejects to file tests/Makefile.am.rej
patching file tests/t-fork.c

1. cat tests/Makefile.am.rej
   • 40,45 **** AM_CPPFLAGS = -I../src -D_POSIX_C_SOURCE=200112L AM_LDFLAGS = LDADD = ../src/libnpth.la $(LIBSOCKET) $(LIB_CLOCK_GETTIME) endif noinst_HEADERS = t-support.h
   • 40,46 ---- AM_CPPFLAGS = -I../src -D_POSIX_C_SOURCE=200112L AM_LDFLAGS = LDADD = ../src/libnpth.la $(LIBSOCKET) $(LIB_CLOCK_GETTIME)

+ TESTS += t-fork

  endif

  noinst_HEADERS = t-support.h

I make the lib and compile gnupg but the gpg-agent don't start and the tests
failed.

#/develop/gnupg-2.1.13/agent/gpg-agent --version
gpg-agent (GnuPG) 2.1.13
libgcrypt 1.7.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

But the Agent dont start as daemon.

statx("/root/.gnupg/S.gpg-agent", 0x2FF22848, 76, 0) Err#2 ENOENT
bind(3, 0x20013A38, 26) = 0
chmod("/root/.gnupg/S.gpg-agent", 0700) = 0
listen(3, 5) = 0
kfcntl(0, F_GETFL, 0x111D00E9) = 67110922
kfcntl(1, F_GETFL, 0x111D00E9) = 67110922
kfcntl(2, F_GETFL, 0x111D00E9) = 67110922
sigprocmask(0, 0xF02E6968, 0xF02E6970) = 0
kfork() = 5767248
thread_setmymask_fast(0x00000000, 0x00000000, 0x00000000, 0xD0551900,
0x00000000, 0x111D00E9, 0x111D00E9, 0x00000000) = 0x00000000

Received signal #20, SIGCHLD [default]

close(3) = 0
sigprocmask(2, 0x20003AC8, 0x00000000) = 0
__loadx(0x04400000, 0x2FF22080, 0x00000800, 0xD05516A4, 0x00000000) = 0x00000000
kfcntl(1, F_GETFL, 0x111D00E9) = 67110922
kfcntl(2, F_GETFL, 0x111D00E9) = 67110922
_exit(0)

Fixed in the repo STABLE-BRANCH-1-4.
Forward ported to STABLE-BRANCH-2-0.
It's not in master (2.1).

interested in this, too. Especially since you always tell me assuan is so easy
to use because it's all in gpgme :-)

Hi,

There was a problem in Gpg4win-2.3.1 that GpgOL and GpgEX might be unable to
start Kleopatra or GPA. This problem has been fixed with 2.3.2

Thanks for your report. Please check if 2.3.2 does not solve your problem and
let us know if it still persists.

Regards,
Andre

Hi,
Thanks for your report. Could you please retest with 2.3.2 we've fixed an issue
where GpgOL had problems communicating with Kleopatra that could cause your
behavior although I'm not 100% sure as I can't reproduce your problem.

Thanks,
Andre

Thanks for your report. Sorry I missed this for 2.3.2.
I'll look into it for the next version.

Hi,

Thanks for your report. With gpg4win-2.3.2 we addressed that problem. See also
issue2319 which was also about this problem.

Please let us know if you still have that problem with 2.3.2 I could reproduce
it in testing and with the fix it no longer happens so I'm hopeful this can be
resolved :-)

Regards,
Andre

Duplicate of T2319

With 2.3.2 the fix was released.

With 2.3.2 we've fixed another bug that sent mails were still handled by gpgol
even when s/mime was disabled.

So far I know of no other problems -> Resolved.

Thank you for your checking of libs.
Failure of gpg-agent causes many errors.
One possible cause of gpg-agent's error is Npth. I have a patch for AIX:
https://lists.gnupg.org/pipermail/gnupg-devel/2016-June/031264.html

I'm pushing this change today to Npth repository.

There isn't an NFS file System on the Server.
It's possible that the lib's have issues but I compile the requsite lib's new
and I receive no Errors when I run the Tests.
I think the LIBPATH is OK, e.g. ./g10/gpg can find all lib's:

ldd ./g10/gpg
./g10/gpg needs:

/usr/lib/libc.a(shr.o)
/usr/lib/libpthread.a(shr_xpg5.o)
/usr/local/lib/libgpg-error.a(libgpg-error.so.0)
/usr/lib/libintl.a(libintl.so.1)
/usr/local/lib/libgcrypt.a(libgcrypt.so.20)
/usr/local/lib/libassuan.a(libassuan.so.0)
/usr/lib/libbz2.a(libbz2.so.1)
/unix
/usr/lib/libcrypt.a(shr.o)
/usr/lib/libpthreads.a(shr_comm.o)
/opt/freeware/lib/libgcc_s.a(shr.o)
/usr/lib/libiconv.a(shr4.o)

I looked T1779, and it failed just like this
report, with an NFS-v3 mounted file system.
Socket to gpg-agent doesn't work if it's on NFS file system.

I think that your installation of libgcrypt, libgpg-error, etc. has some issues.
Please check the installation of libgcrypt, libgpg-error, etc.

You would need to setup LIBPATH environment variable, if it's not installed to
the standard place.

Reference:
https://www.postgresql.org/message-id/52EF20B2E3209443BC37736D00C3C1380A6E79FE%40EXADV1.host.magwien.gv.at

Yes - the HOME was / but I change it to /root and now I recieve the following
Output (only failed):
.
.
.
make[3]: Entering directory '/develop/gnupg-2.1.13/tests/openpgp'
version.test: starting the gpg-agent failed
FAIL: version.test

> Hash algorithm MD5 is not installed (not an error)

PASS: mds.test
FAIL: decrypt.test
FAIL: decrypt-dsa.test
FAIL: sigs.test
FAIL: sigs-dsa.test
FAIL: encrypt.test
FAIL: encrypt-dsa.test
FAIL: seat.test
FAIL: clearsig.test
FAIL: encryptp.test
FAIL: detach.test
FAIL: armsigs.test
FAIL: armencrypt.test
FAIL: armencryptp.test
FAIL: signencrypt.test
FAIL: signencrypt-dsa.test
FAIL: armsignencrypt.test
FAIL: armdetach.test
FAIL: armdetachm.test
FAIL: detachm.test
FAIL: genkey1024.test
FAIL: conventional.test

> IDEA FAIL: conventional-mdc.test

multisig.test: valid is invalid (sig_sl_valid)
FAIL: multisig.test
verify.test: verify of msg_ols_asc failed
verify.test: verify of msg_cols_asc failed
verify.test: verify of msg_sl_asc failed
verify.test: verify of msg_olsols_asc_multiple failed
verify.test: verify of msg_oolss_asc failed
verify.test: verify of msg_cls_asc failed
verify.test: verify of msg_clss_asc failed
verify.test: verify of msg_clsclss_asc_multiple failed
FAIL: verify.test
armor.test: the armored_key_8192 bug is back in town
FAIL: armor.test
import.test: ./bug894-test.asc: import failed (bug 894)
FAIL: import.test
FAIL: ecc.test
PASS: 4gb-packet.test
SKIP: gpgtar.test
use-exact-key.test: : import failed
FAIL: use-exact-key.test
FAIL: default-key.test

> D74C5F22 FAIL: export.test

PASS: finish.test

31 of 34 tests failed
(1 test was not run)

Please report to https://bugs.gnupg.org

Makefile:650: recipe for target 'check-TESTS' failed
make[3]: * [check-TESTS] Error 1
make[3]: Leaving directory '/develop/gnupg-2.1.13/tests/openpgp'
Makefile:773: recipe for target 'check-am' failed
make[2]: * [check-am] Error 2
make[2]: Leaving directory '/develop/gnupg-2.1.13/tests/openpgp'
Makefile:527: recipe for target 'check-recursive' failed
make[1]: * [check-recursive] Error 1
make[1]: Leaving directory '/develop/gnupg-2.1.13/tests'
Makefile:580: recipe for target 'check-recursive' failed
make: * [check-recursive] Error 1

If I understand correctly, you ran 'make check' by root and root's HOME is '/'.
It is unexpected by the test program. If it works with HOME=/root or some other
value, it's not real failure.

t-stringhelp.c:428: test 2 failed
FAIL: t-stringhelp
PASS: t-timestuff
PASS: t-convert
PASS: t-percent
PASS: t-gettime
PASS: t-sysutils
PASS: t-sexputil

> Known envvars: GPG_TTY(ttyname) TERM(ttytype) DISPLAY(display)
> XAUTHORITY(xauthority) XMODIFIERS GTK_IM_MODULE DBUS_SESSION_BUS_ADDRESS
> QT_IM_MODULE INSIDE_EMACS PINENTRY_USER_DATA(pinentry-user-data)

PASS: t-session-env
PASS: t-openpgp-oid
PASS: t-ssh-utils
PASS: t-mapstrings
PASS: t-zb32
PASS: t-mbox-util
PASS: t-iobuf
PASS: t-strlist
PASS: t-private-keys
PASS: t-ccparray

PASS: t-exechelp

1 of 18 tests failed

Please report to https://bugs.gnupg.org

make: The error code from the last command is 1.

Stop.
make: The error code from the last command is 2.

Stop.
make: The error code from the last command is 2.

Stop.
make: The error code from the last command is 1.

Stop.

Hello,

I posted fix for this issue to mailing-list. See:
http://marc.info/?l=gcrypt-devel&m=146732375910584&w=2